At its rudimentary stage, online extortion was all about bluff and did not use cryptography at all. It hinged upon screen lockers stating that the FBI caught users violating copyright or distributing NSFW content. Victims were instructed to pay a fine via a prepaid service such as MoneyPak or Ukash.
Things have changed dramatically over time. Ransomware operators rethought the range of their intended victims, switching to the enterprise as juicier prey than individuals. In recent years, they also added a data leak strategy and DDoS threats to their genre. As a result, online extortion has matured into one of today’s most detrimental cybersecurity perils.
Ransomware went pro in 2013
The first mainstream file-encrypting ransom Trojan called CryptoLocker made its debut in September 2013. It used an asymmetric 2048-bit RSA cipher
SAN FRANCISCO (Reuters) – Microsoft said Monday it had used a court order to take control of computers that were installing ransomware and other malicious software on local government networks and threatening to disrupt the November election.
The maker of the Windows operating system said it seized a series of internet protocol addresses hosted by U.S. companies that had been directing activity on computers infected with Trickbot, one of the most common pieces of malware in the world.
More than a million computers have been infected with Trickbot, and the operators use the software to install more pernicious programs, including ransomware, for both criminal groups and national governments that pay for the access, researchers said.
Trickbot has shown up in a number of public governments, which could be hurt worse if the operators encrypt files or install programs that interfere with voter registration records or the display and public reporting
Microsoft is responsible for locating and dealing with potentially dangerous malware on its own Windows operating system. However, the tech company claims that it tries to use its expertise to provide benefits to operating systems beyond its own. According to the company’s cybersecurity blog, Android users should be aware of new and evolving malware that targets the operating system.
In their official blog, the company stated that they have found a piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that have also been observed on other platforms.
Microsoft claims that this new mobile ransomware was detected by Microsoft Defender for Endpoint as AndroidOS/MalLocker.B. This new malware is the latest variant of a ransomware family that’s been in the wild for a while but has been evolving non-stop, according to the blog.
The ransomware, according to Microsoft, masks itself
Taiwanese hardware vendor QNAP urged customers last week to update the firmware and apps installed on their network-attached storage (NAS) devices to avoid infections with a new strain of ransomware named AgeLocker.
The ransomware has been active since June this year, when it first began claiming victims.
It was named AgeLocker for its use of the Actually Good Encryption (AGE) algorithm to encrypt files. The AGE encryption algorithm is considered cryptographically secure, which means encrypted files can’t be recovered without paying the ransom demand.
Techniques like brute-forcing the encryption key or identifying weaknesses in the encryption scheme are not reliable against AGE.
The impossibility of recovering encrypted files without paying the ransom demand is why users should take care to secure QNAP NAS devices.
Last week, QNAP said it identified two sources of how AgeLocker gains access to QNAP devices. The first is the QNAP device firmware
The sign for Tyler Technologies is seen outside the company’s offices, Thursday, Sept. 24, 2020, in Plano, Texas. The major U.S. provider of software services to state and local governments, including the online publishing of election results, has told customers that an unknown intruder broke into its phone and IT systems. Plano, Texas-based Tyler Technologies told customers in an email that it discovered the breach and contacted law enforcement and enlisted outside cybersecurity help.
Photo: LM Otero, AP
DALLAS (AP) — A day after informing customers that it had been hacked by an unknown intruder, a major U.S. provider of software services to state and local governments — including posting election data online — said the impact appeared limited and there is no reason to believe its customers were affected.
Tyler Technologies’ website remained offline Thursday, and questions sent to a media email address provided by a person who answered the phone at the company’s headquarters near Dallas were not directly answered.
The cyberattack against Tyler Technologies Wednesday had all the hallmarks of the ransomware strikes that have crippled massive systems integrators across the country this year, said Vitali Kremez, one of the top ethical hackers in the US.
“That’s the flavor of the day for many breaches,” Kremez told CRN Thursday. “Criminals are not pursuing single targets, they are looking for advanced networks. They want the keys to the kingdom so they can go after other victims … No one is safe.”
The attack against Tyler Technologies, No. 46 on the 2019 CRN Solution Provider 500, comes just months after vicious ransomware infections crippled three of the world’s 20 largest solution providers – Cognizant, Conduent and DXC Technology. All told, the four solution providers who succumbed to ransomware in 2020 have combined revenue of $41.93 billion and a joint market cap of $54.36 billion.
The cruel march of ransomware has apparently reached a grim new milestone. In Germany, authorities are investigating the death of a patient during a ransomware attack on a hospital; according to reports, the woman, who needed urgent medical care, died after being re-routed to a hospital further away, as a nearer hospital was in the midst of dealing with a ransomware attack.
Elsewhere ransomware continues to create painful, if less tragic, disruptions. The UK’s cybersecurity agency has just warned that ransomware groups are launching ‘reprehensible’ attacks against universities as the new academic year starts. On a daily basis, companies large and small are finding their business disrupted when they can least afford to have computer systems failing.
And yet, there seems to be a sense in some quarters that ransomware is simply an inevitable consequence of our digital age. That it is something that we just have to learn to
It sounds like something out of a tragic Black Mirror episode: A woman seeking urgent care died this week after an apparently bungled ransomware attack took down a major hospital in Germany, thus forcing paramedics to rush her to another city for treatment, according to several outlets.
It appears to be the first case of someone dying as a result of a ransomware attack, albeit indirectly, and German authorities are investigating the unknown hackers on suspicion of negligent manslaughter, the Associated Press reports
Beginning Thursday night, the attack disrupted the IT systems at Duesseldorf University Clinic, crippling its ability to access data
Ransomware is known to have serious consequences, but one of the latest attacks might have been fatal. BBC News reports (via MIT Technology Review) that prosecutors in Cologne, Germany have launched a negligent homicide investigation after a Düsseldorf University Hospital patient died following a ransomware incident. The attack hampered emergency services on September 9th, forcing healthcare workers to send the patient to a hospital 19 miles away for vital treatment.
Local media claim the hackers were targeting a different university and didn’t mean to compromise the hospital. They reportedly provided the ransomware decryption key for free once they realized their mistake.
Whatever the intentions, this may have been an avoidable breach. The intruders exploited a known security flaw in Citrix’s VPN software, and Germany’s cybersecurity authority said it warned of the vulnerability in January. It’s nothing new for institutions to fall short on security, but this misstep appears to